Have two conditions one with each requirement. Assign both to the same profile.
Regards, Tyson Scott CCIE # 13513 (R&S, Security, SP) Managing Partner/Technical Instructor - IPexpert Inc. [email protected] ----- Reply message ----- From: "Meytal Mizrahi" <[email protected]> Date: Sun, Apr 10, 2011 10:27 am Subject: [OSL | CCIE_Security] When to set Cisco:Host or Cisco:PA? To: "Smith Dazen" <[email protected]>, "Kingsley Charles" <[email protected]> Cc: "[email protected]" <[email protected]> Cisco:HOST = host posture plugin, retrieves basic information about the host Cisco:PA = CTA posture plugin If you are using condition set from: 1. only host attributes so you will use host posture token. 2. only PA attributes so you will use CTA posture token. 3. from both so you will need to use CTA posture token. There is a really great book with explanation and configuration example for NAC framework: http://www.ciscopress.com/bookstore/product.asp?isbn=1587054035 Regards, Meytal -----Original Message----- From: [email protected] on behalf of Smith Dazen Sent: Sun 4/10/2011 11:46 AM To: Kingsley Charles Cc: [email protected] Subject: Re: [OSL | CCIE_Security] When to set Cisco:Host or Cisco:PA? task says, we have Cisco:PA with OS-type and Cisco-Host for Hostfix , both need to be true to return healthy, if anyone of them is not true , it should return quarantine. so in this case what should be the posture token ? ________________________________ From: Kingsley Charles <[email protected]> To: Smith Dazen <[email protected]> Cc: [email protected] Sent: Sun, April 10, 2011 8:02:49 AM Subject: Re: [OSL | CCIE_Security] When to set Cisco:Host or Cisco:PA? It depends on the task. With regards Kings On Sun, Apr 10, 2011 at 3:33 AM, Smith Dazen <[email protected]> wrote: I need the expert to confirm if it really doesn't matter to choose Cisco:Host or Cisco:PA for and condition >> > >>> Cisco:PA:OS-Type contains Windows 2000 >>> AND >>> Cisco:Host:Hotfixes=KB14478 > >otherwise is quarantine,, so what should be the posture token. > > > >reference old post :- >http://www.mail-archive.com/[email protected]/msg03883.html > > >Although the solution doesn't say > why, it makes a point of saying >specifically which one you should be selecting for the token (Cisco:PA or >Cisco:Host). The only conclusion that I can draw from this and the NAC VolI >book is that if you only assess Cisco:Host values then you need to assign a > Cisco:Host token. Whereas if you evaluate both Cisco:Host and Cisco:PA >values then it doesn't matter which one you select. > > >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit >www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
